Official Knife Discussion

Fun and easy. I read about the incident at the time it occurred, so I quickly spotted the vuln as soon as I saw the software version. Root was even easier. Just use a subcommand and run a command to get your root shell :wink:

Great box… Gotta say that was one of the easiest easy boxes on HTB. Learned something new about an old gem!

Has anyone else had the 408 request timeout issue on gaining the foothold? I know I’m doing it correctly, I just don’t know what is going on with the timing.

It was my first machine to crack, loved it!! :heart:
Was not easy but managed to get in??
A little bit of googling worked.

Nice and very easy box.

Foothold/User: Check the used technologies for exploits. Additional tools like Wappalyzer might give you better hints than the usual tools.

Root: Check which commands you can execute and then research how you can use that to escalate.

Rooted. Feel free to hit me up if you need a nudge.

My biggest hurdle for foothold (like many others have said) was not using a tool which gives more info about what services are running on the server during the initial enum phase.

The biggest hurdle to root was the dumb shell I had access to once inside. It was obvious what I needed to do to get root, however my shell didn’t quite… cut it.

What methods did others use to upgrade their shells?

User flag was a logical approach. Little bit stuck on root. Trying harder. Thanks already for all the advice here on the forum. Appreciated.

Pwned! Thanks @MrKN16H for this pretty machine! Good for new guys on HTB.
PM me if you need help :3

I have run Nmap against it and I know the web server version. I googled that version but I didn’t find anything that helps. Am I on the right track? Or could somebody give some hint on getting a foothold on this machine? Thank you.

Fun little box. Echo what @7ailwind said about nmap. That’s usually my go-to. Another scanner provided the key piece of info on this. After that, a quick Google search gives you what you need.

Root was fairly straightforward. PM me for a nudge.

Cheers!

Fun box, that’s a great intro.

User: Don’t be afraid to use another hacker’s work.

Root: If you miss it, this exploit will cut deep.

If you’re stuck, feel free to message me. Happy to point people in the right direction.

Rooted, thanks for the hint and help from @velocicat

Flags are not correct. Returns an error when trying to submit…

Just got user on this - Not sure whether the Chinese clue is right, didn’t come across any myself. However, definitely worth reading the scanning tool output fully. One bit might stand out and it’s worth a Google!

Mine sat doing nothing for a little, while exploiting, so don’t give up too quickly!

Back after another one of my 6 month hiatuses. Fun and easy box! Kind of OSCP-ish :smile:

User
Your BAU enum efforts should tell you enough about what’s running. Then, don’t be shy and mod your exploit to get back something smart and interactive.

Root
Sort of the same as above. There is an app installed in there that I’m not very familiar with, but it has the power. With some querying of the googly machine I understood what I could do with it.

Hi, I own the user. But I need a hint for root.

Thank you everyone for your nudges! Thanks to you, I managed to pwn my first active box ever!

Easiest machine if one knows where to look. For foothold, nmap may not show it all; try a different recon tool and the rest is a walk down the ramp from there.

Nice easy little box. Should be a good intro for newer people on HTB and CTFs in general.

User: Make sure that you enumerate the services that are running completely and don’t just rely on a single scan. Root: PrivEsc isn’t that hard so just think about standard things to check. I had issues with my initial shell and getting things to work so I would recommend a reverse shell when you attempt this part.